MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e22e6a06f6f081ae9ceaaa83d4d23943adc5ea2964ec3fb564dcd06ada18470a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



RemcosRAT


Vendor detections: 4



SHA256 hash: e22e6a06f6f081ae9ceaaa83d4d23943adc5ea2964ec3fb564dcd06ada18470a
SHA3-384 hash: 47d0629e6ce8e492b0bb0a1f6dd8f0e22279adeaa2e4fe39739421f37e195505900569219d2e46d1069ecee0b26bca97
SHA1 hash: 436a7661d5a32aece402e97f7f0c5bfc7dda46e9
MD5 hash: b35308a884218f604e838f12324f6974
humanhash: michigan-cat-oven-mississippi
File name: UPS Detail.img
Signature: RemcosRAT
File size: 1'310'720 bytes
First seen: 2020-10-18 06:34:27 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep 12288:ugEcQd3STz36T4IBIZT9oPb6Gxbql62ebKcJUwAbjYFbgAiaiZ:ugEd38jc1i5oPb6Gx2lf5Db0fC
TLSH AE55BE066645BF14F1BD173BCCB48820D3FAEC01D626DA3EBED53A8E45B1BA49511B07
Reporter: abuse_ch
Tags: DHL, img, nVpn, RAT, RemcosRAT


abuse_ch
Malspam distributing RemcosRAT:

HELO: mysmtp5
Sending IP: 52.175.198.254
From: 'DHL Customer Service" (customer@dhI.com)
Subject: UPS - Package Arrival Notification
Attachment: UPS Detail.img (contains "6FNEaMg3dNB7sGi.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 132
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Remcos
Status: Malicious
First seen: 2020-10-17 21:46:50 UTC
AV detection: 16 of 28 (57.14%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

img e22e6a06f6f081ae9ceaaa83d4d23943adc5ea2964ec3fb564dcd06ada18470a

(this sample)

  
Dropping: RemcosRAT
Delivery method: Distributed via e-mail attachment
